Conversation

There are several sql injection vulnerabilities in Revive. This change fixes them.

These vulnerabilites are already being exploited. I discovered them after tracking down an attack on our OpenX installation. I have tested the vulnerability on Revive as well. The attacks on OpenX have been going on since at least September, so I would assume the vulnerability is well known in black hat circles by now.

For everyone who wants to patch their system right away, I have provided patched files for OpenX and Revive on my blog:

This comment has been minimized.

Neither the pull request nor the blog post contain any instructions as to how exploit the vulnerability. To be sure I removed some additional information from the pull request which explained some changes. An email has been sent.

Neither the pull request nor the blog post contain any instructions as to how exploit the vulnerability. To be sure I removed some additional information from the pull request which explained some changes. An email has been sent.

This comment has been minimized.

Hi hwde, thanks for the hint... but I'm afraid I do not see the issue with the patched format condition. It's probably best not to discuss this in public, so can you send me some more detailed information to florian.sander at checkpanel.com? Better include security at revive-adserver.com as well since Matteo is working on the official patch right now.

Hi hwde, thanks for the hint... but I'm afraid I do not see the issue with the patched format condition. It's probably best not to discuss this in public, so can you send me some more detailed information to florian.sander at checkpanel.com? Better include security at revive-adserver.com as well since Matteo is working on the official patch right now.